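<?php

declare(strict_types=1);

// Database connection settings.
// NOTE(review): the credentials are hard-coded in the script; move them to a
// config file outside the web root or to environment variables before deployment.
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Make every mysqli failure (connect, prepare, execute, fetch) throw a
// mysqli_sql_exception instead of returning false, so the single catch block
// below handles all of them on every PHP version (this is the default only
// from PHP 8.1 onward).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Open the connection. Under strict reporting a failure throws before $conn
    // is assigned, so the finally block never touches a half-built object.
    $conn = new mysqli($servername, $username, $password, $dbname);

    // Kept for report modes in which a failed connect still returns an object.
    if ($conn->connect_error) {
        throw new Exception("连接失败: " . $conn->connect_error);
    }

    // Read and filter the input. A request such as ?name[]=x makes
    // $_GET['name'] an array, and trim() would then throw a TypeError that
    // `catch (Exception)` does not cover; anything that is not a string is
    // treated as an empty name instead.
    $rawName = $_GET['name'] ?? '';
    $name = is_string($rawName) ? trim($rawName) : '';

    // The prepared statement keeps the user-supplied value out of the SQL
    // text. Only the column that is displayed is selected.
    $stmt = $conn->prepare("SELECT name FROM users WHERE name = ?");
    if (!$stmt) {
        throw new Exception("预处理语句创建失败: " . $conn->error);
    }

    $stmt->bind_param("s", $name);

    // execute() returns false (rather than throwing) in non-strict report
    // modes; do not continue with a statement that was never run.
    if (!$stmt->execute()) {
        throw new Exception("执行失败: " . $stmt->error);
    }

    // get_result() requires the mysqlnd driver and returns false without it;
    // reading num_rows on false would be a fatal error.
    $result = $stmt->get_result();
    if ($result === false) {
        throw new Exception("获取结果失败: " . $stmt->error);
    }

    if ($result->num_rows > 0) {
        while ($row = $result->fetch_assoc()) {
            // Escape for the HTML context. ENT_SUBSTITUTE replaces invalid
            // UTF-8 sequences instead of dropping the whole value; the cast
            // guards against a NULL column under strict_types.
            echo "Name: " . htmlspecialchars((string) ($row["name"] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br>";
        }
    } else {
        echo "0 results";
    }
} catch (Throwable $e) {
    // Log the detail server-side only; the user gets a generic message so that
    // connection details, table names or stack traces are never exposed.
    // Throwable also covers Error/TypeError, which `Exception` alone would let
    // escape to the default handler (and possibly to the response).
    error_log($e->getMessage());
    echo "发生错误，请稍后重试";
} finally {
    // Release the statement and the connection on every path, including the
    // error path. $stmt may be unset (exception before prepare) or false
    // (prepare failed in a non-strict report mode), hence the instanceof check.
    if (isset($stmt) && $stmt instanceof mysqli_stmt) {
        $stmt->close();
    }
    // $conn is unset if the constructor threw; close() on an object whose
    // connect failed raises an error itself, so skip it in that case too.
    if (isset($conn) && !$conn->connect_error) {
        $conn->close();
    }
}
// No closing ?> tag: the original "?> " emitted a stray space after the page output.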